19 Token
- Optional parameter, transferred transparently if the H.323 entity is unaware of it
- The token can contain a digital signature with call information (destination, gw, etc.)
- The token is copied from the LCF and sent in the SETUP message, allowing the gw or GK at the destination to verify its authenticity and authorize the operation

23 Programa IS Expert - NCE / UFRJ
TCP Connections
- Q.931/H.225 connection or call signaling channel
  - Default port (1720)
- H.245 connection for control and media negotiation
  - After it has been established, the H.225 connection can be released
  - This connection has to be maintained until the end of the call
Redes de Computadores - Prof. Moacyr Azevedo

27 SETUP Header (II)
- Source Address
  - List of aliases of the caller
  - If the caller has only an E.164 number, this number will also appear in the Calling Party field
- Types of aliases defined in H.323
  - E.164, a regular phone number using only characters from the set << #*,”
  - H.323-ID, unicode string
  - url-ID
  - transport-ID (ex :1720)
  - -ID (ex.

28 SETUP Header (III)
- Destination Address
  - E.164 address of the destination
  - Also appears in the Called Party Number Information Element
- DestExtraCallInfo
  - Additional list of E.164 addresses
  - For a H kbps connection, the first E.164 address is given in the Destination Address and the second E.164 address goes here
- RemoteExtensionAddress
  - Alias(es) of the called party

29 SETUP Header (IV)
- SourceCallSignalAddress
  - H.225 signaling transport address to be used by the destination
  - Should not be used behind firewalls/NAT, which change TCP ports and IP addresses in packet headers
  - If this field is absent, the destination extracts the transport address for returning Q.932 responses from the headers of the received packets (which point to the NAT)
  - When the NAT gets responses to its own address, it replaces the headers and forwards them to the source of the SETUP, as it should be
- EndpointIdentifier
  - Used when signaling is GK routed
- CryptoTokens
  - Used for authentication and message integrity

32
- Because TCP is stream-oriented (unlike UDP), the PDUs need to be delimited
- This is done by the TPKT headers (RFC 1006)

ISO transport services on top of the TCP (TPKT)

> the TPKT encapsulation is necessary in order to define message
> boundaries on top of TCP which natively presents a data stream
> abstraction to its higher layer. There was recently a discussion on the
> h.323implementors forum mailing list around the fact that the reference
> to TPKT is not well stated within H Not all of RFC1006 is adopted
> by H.225.0, basically only the encapsulation with some fairly fixed
> header values as I recall. I'm also pretty sure that H.245 also needs
> the TPKT encapsulation. Since RAS is UDP based, I think it does not use
> TPKT. The media of course is encapsulated in RTP on top of UDP.
>
> Hal Purdy
> AT&T Laboratories
> 180 Park Avenue
> Room E263, Bldg. 103
> Florham Park, NJ
> (973) (w)
> (973) (fax)

You can filter TPKT protocols while capturing, as it's always using TCP port 102.
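The TPKT framing described on this slide, as an added example that is not part of the original slides: a receiver that rebuilds message boundaries from arbitrary TCP reads using the RFC 1006 header (version 3, reserved byte, 16-bit length that includes the 4-byte header). The class and function names are hypothetical, the payloads are constructed placeholder bytes, and rejecting a non-zero reserved byte is a strictness assumption of this sketch.

```python
import struct

TPKT_VERSION = 3       # RFC 1006 "vrsn" field
TPKT_HEADER_LEN = 4    # vrsn(1) + reserved(1) + length(2, big-endian)

class TPKTError(ValueError):
    """The byte stream cannot be valid TPKT framing."""

def tpkt_wrap(payload: bytes) -> bytes:
    """Prefix one PDU with a TPKT header; length counts the header too."""
    total = TPKT_HEADER_LEN + len(payload)
    if total > 0xFFFF:
        raise TPKTError("payload too large for the 16-bit TPKT length")
    return struct.pack("!BBH", TPKT_VERSION, 0, total) + payload

class TPKTReassembler:
    """Splits a TCP byte stream into TPKT payloads across recv() calls."""

    def __init__(self) -> None:
        self._buf = bytearray()

    def feed(self, chunk: bytes) -> list:
        """Append received bytes; return every payload now complete."""
        self._buf += chunk
        payloads = []
        while len(self._buf) >= TPKT_HEADER_LEN:
            vrsn, reserved, length = struct.unpack_from("!BBH", self._buf)
            # Assumption: strict checks (reserved must be 0); fail closed so
            # a desynchronised or hostile stream is dropped, not re-parsed.
            if vrsn != TPKT_VERSION or reserved != 0:
                raise TPKTError(f"bad header vrsn={vrsn} reserved={reserved}")
            if length < TPKT_HEADER_LEN:
                raise TPKTError(f"length {length} is shorter than the header")
            if len(self._buf) < length:
                break                      # PDU still incomplete, wait
            payloads.append(bytes(self._buf[TPKT_HEADER_LEN:length]))
            del self._buf[:length]
        return payloads

    def pending(self) -> int:
        """Bytes buffered that do not yet form a complete PDU."""
        return len(self._buf)

def demo():
    # Constructed sample: opaque bytes standing in for two signaling PDUs.
    stream = tpkt_wrap(b"SETUP-bytes") + tpkt_wrap(b"CONNECT-bytes")
    r = TPKTReassembler()
    out = []
    for chunk in (stream[:3], stream[3:17], stream[17:]):  # uneven TCP reads
        out += r.feed(chunk)
    return out, r.pending()
```

Because the length field is attacker-controlled, the parser only ever buffers up to the 16-bit maximum per PDU and raises on a header it cannot trust rather than scanning ahead for the next plausible one.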

33 H.225 Message Sequence
- Call Proceeding, Alerting, Connect, or ReleaseComplete can be sent immediately after receiving SETUP
- One of them has to be received by the caller before the SETUP timer expires (4s)
- After sending Alerting, the user has 3 min to accept or reject the call
[Figure: message sequence with Setup, Call Proceeding, Alerting, ReleaseComplete, Connect]

34 H.245 Control Channel
- H.245 TCP connection used for
  - Master/slave determination
  - Capabilities determination
  - Opening of unidirectional logical channels
  - Closing of logical channels
- The H.225 TCP connection can be closed after CONNECT, but the H.245 channel must stay open for the whole call
- The H.245 channel is unique for a call between two terminals: known as logical channel 0

37 Master/Slave Determination
- Useful when terminals can execute the same action or function and a conflict may occur (ex. opening logical channels)
- Master is always responsible
- With H.235, the Master is in charge of distributing the media channel cryptographic keys to the other terminals
- masterSlaveDetermination messages contain a terminalType value reflecting the terminal's capabilities and a random number, to prioritize MCU handling in relation to GKs, for example

43 Question: Excessive Latency
- Round trip time for each of the following interactions
  - ARQ/ACF
  - SETUP/CONNECT
  - H.245 Capability exchange
  - Master/Slave determination
  - Logical channel establishment
- Additional latency to open H.225 and H.245 TCP connections

46 H.245 tunneling
- It is the encapsulation of one or more H.245 messages in the h245Control fields of any Q.931 message
- If the called terminal is capable of handling H.245 encapsulation, all H.245 messages can be exchanged in this way without the need to open a separate H.245 channel
- Otherwise, the H.245 channel is opened in the normal way

49 GnuGK Gatekeeper
- Can operate in GK-Routed mode and as a media proxy
- Can operate as a directory gatekeeper
- Manipulates E.164 addressing (rewriting rules)
- Supports users behind NAT
- Registration can be based on H.235, LDAP or IP address
- Easy blocking of calls to destinations starting with some forbidden digit (like mobile services)
- Simple call detail record (CDR) generated for each call
- Has a simple and efficient control mechanism acting on port 7000 that can be used for managing users and configurations